150 likes | 281 Views
CDM. David Frye. Centralized Desktop Management at LLNL A Major Paradigm Shift. Lawrence Livermore National Laboratory, P. O. Box 808, Livermore, CA 94551.
E N D
CDM David Frye Centralized Desktop Management at LLNL A Major Paradigm Shift Lawrence Livermore National Laboratory, P. O. Box 808, Livermore, CA 94551 This work performed under the auspices of the U.S. Department of Energy by Lawrence Livermore National Laboratory under Contract DE-AC52-07NA27344.
What is CDM? • Centralized Desktop Management • Project started in April, 2008 • Centralize desktop management for basic IT functions: • Patch Management • Security Configuration • Software Distribution • Antivirus • Active Directory • Initial scope: 1 Principal Directorate (PD), ~2,000 PCs UCRL: LLNL-PRES-413001
CDM: Part of a larger whole • ITIL based framework • End-to-end managed computing environment • Centrally controlled UCRL: LLNL-PRES-413001
Why CDM? • Cost savings • Greater automation • Reduced people/process redundancy • Greater IT Efficiency • Stronger security • More consistency and cohesion • Greater innovation • Tighter Dev/Ops relationship UCRL: LLNL-PRES-413001
Stated CDM Success Metrics: • CDM Version 1: • 80% of all CDM clients will have Microsoft critical patches applied within 30 days of release from Microsoft (initial value: ~40%). • CDM Version 2 (10/2008): • 90% of all CDM clients will have ALL Microsoft security patches applied with 15 days of release from Microsoft • 3rd party security patches will be applied for: AdobeReader/Flash, Java, QuickTime, Firefox UCRL: LLNL-PRES-413001
Desktop Management – Traditional Model Delegated IT Operations Central Services PD IT NIF Admin OPERATIONS OPS Admin • No central implementation • Loose integration of services • Inconsistent feedback cycle • Redundancy of effort Admin … UCRL: LLNL-PRES-413001
New Paradigm: CDM • Remove Operations Wall • Move Admin Operations into ITSD • Maintain Tier 2 support in PD • Establish cooperative management team Directorate IT Admin Tier 2 Support UCRL: LLNL-PRES-413001
CDM: The People • 2 People Brought in from PD • 1 for Patch, A/V, Compliancy, SW Distribution • 1 for Active Directory administration • Both reported to respective service leads for technical direction • Tier 2 desktop support consolidated under single manager UCRL: LLNL-PRES-413001
CDM: The Process – System Binning • Instrumented via Active Directory Groups • Categorization based on Efficiency: High Medium Low • Most computers • Focus on automation • Little end user control • Mobile computers/VIPs • Focus on flexibility • More end user control • Critical Systems • Focus on Impact • Total end user control UCRL: LLNL-PRES-413001
CDM: Service Contract • Service Behavior based on Bin UCRL: LLNL-PRES-413001
CDM: Tools SelfPatch Presence Awareness COEConfig SLAM UCRL: LLNL-PRES-413001
CDM: Dashboards • Critical communications tool • Keeps everyone on same page • Demonstrates effectiveness Summary Information Key Performance Indicators Trending Internet Monitoring UCRL: LLNL-PRES-413001
CDM: Results • Tangible Results • Low user impact • Centrally managed 1st 3 days of CDM v2 1st 3 days of CDM v1 UCRL: LLNL-PRES-413001
CDM: Future • More Services! • Improve A/V & Active Directory Offering • User Data Management • NAPS compliancy automation • System Performance Management (“govinator”) • More Customers • Expand to more PDs • Apply same binning, service contract and tools UCRL: LLNL-PRES-413001
Questions? THANK YOU! UCRL: LLNL-PRES-413001